Planning Ahead
Digital Legacy Planning End of Life Planning
Grief & Support
How to Deal With Grief
HomeHow to Leave Passwords After Death
Digital Legacy

How to Leave Passwords After Death

Most families can't access a single account when someone dies. Here's how to leave the right digital access information before it becomes their problem.

AM
Alex McGregor
Updated May 2026
8 min read
In this article
Reading progress

Most people have over 100 online accounts. Banking, email, subscriptions, cloud storage, social media, investment platforms. When someone dies, their family is suddenly expected to find, access, and manage all of it, usually while dealing with everything else that comes with grief.

The problem isn’t just the passwords. It’s that most accounts are now protected by layers of security that no one thought to plan around. Two-factor authentication, recovery emails, device-based logins. Even with the right password, a family member can be completely locked out.

Planning how to leave password access after death is one of the most practical things you can do for the people who will handle your estate. It takes a few hours, and it saves real time, stress, and often money.

Why families struggle to access accounts after a death

It starts with the sheer number of accounts. Without a list, there’s no way to know what exists. Subscriptions keep charging. Cryptocurrency sits unreachable. Years of photos stored in a cloud account disappear when the platform removes inactive users.

Beyond finding accounts, accessing them is a separate challenge. Passwords are one barrier. But many accounts also require a code sent to a phone, a fingerprint scan, or a confirmation email to an inbox the family can’t open. If the phone number has been disconnected or the device is locked, that second layer of security becomes an impenetrable wall.

This is increasingly common. According to Everplans, 72% of Americans have digital assets, but fewer than 25% have left any documented access instructions.

The practical consequences are real. Families spend hours trying to cancel subscriptions on dormant accounts. Executors can’t retrieve financial information to close out an estate. Irreplaceable files, messages, and photos are lost. Some of it can never be recovered.

Why writing down passwords isn’t enough

Writing passwords on a piece of paper is better than nothing. It isn’t a plan.

The first problem is that passwords change. Most security-conscious people change them regularly, and if a written list isn’t updated alongside those changes, it becomes useless quickly. A survey by Everplans found that 38% of people who had written down passwords had never updated that record.

The second problem is two-factor authentication. Most banks, email providers, and financial platforms now send a code to your phone or ask you to approve a login from an authenticated device. Your family could have the correct password and still hit a wall because the approval request goes to a phone they can’t unlock or a number that’s been disconnected.

The third problem is the recovery email. Most platforms let you reset a forgotten password by sending a link to a backup email address. If that backup email is itself inaccessible, the whole chain breaks. Your primary email address is often the key that unlocks everything else.

Finally, there’s security risk. A handwritten list of every password you own, kept in a drawer or a notebook, is a serious liability if it falls into the wrong hands while you’re still alive. It can also create legal complications: most platform terms of service technically prohibit sharing passwords.

The goal is to leave access, not just a list of words.

Password managers with emergency access

The most practical solution for most people is a password manager with an emergency access feature.

Password managers store all your logins in an encrypted vault. Instead of remembering dozens of passwords, you remember one master password. The emergency access feature lets you designate a trusted person who can request access to your vault if something happens to you.

Here’s how it works in plain terms. You set up the password manager and name someone you trust as an emergency contact. If you die, that person can submit a request for access. The manager either grants access automatically after a waiting period you’ve set (anywhere from one day to 30 days), or sends you a notification to approve or deny it while you’re alive. If you die before the waiting period ends, access is granted automatically.

Several major password managers offer this. Bitwarden has a free emergency access feature. 1Password includes it on paid plans. LastPass and Dashlane offer similar functionality. All of them work in both the US and the UK.

The advantage over a written list is significant. The passwords stay encrypted until they’re actually needed. They’re automatically up to date, since your vault updates whenever you change a password. And your trusted person doesn’t have access until it’s necessary.

Setting up emergency access takes around ten minutes and removes most of the practical problems in one step.

What to leave alongside passwords

Even with a password manager in place, there’s additional information that makes things significantly easier for whoever handles your estate.

A full account list. Before anything else, the people managing your estate need to know what accounts exist. A simple list covering the account name, what it’s for, the username or email used to log in, and brief instructions (close this, memorialize this, keep this active for 90 days) saves an enormous amount of time.

Your primary email access. This is the single most important account to leave accessible. Most platforms use your email address for password resets and account verification. Whoever manages your estate should be able to get into your main inbox. Include the password, the recovery email, and any backup codes.

Two-factor authentication backup codes. When you set up 2FA on most accounts, the platform generates a set of one-time backup codes. Most people ignore these and never save them. They’re critical. If the phone associated with your 2FA is locked or disconnected, these codes are the only way to regain access. Print them or save them securely alongside your account list.

Recovery methods. Note which accounts use SMS codes, which use an authenticator app, and which use a recovery email. This tells the executor exactly what they’re dealing with before they start.

What to do with each account. A password without instructions creates decisions under pressure. Should they close it? Leave it up? Facebook can be memorialized. Subscriptions should be cancelled. Some email accounts should stay open long enough to catch important correspondence. Write it down.

Where to store this information safely

The principle here is simple: don’t hide it so well that no one can find it, but don’t leave it where anyone could stumble across it.

For most people, the right answer combines two approaches.

Use a password manager as the primary system. Your vault holds the passwords, and you’ve set up emergency access for your executor or a trusted person. This covers the day-to-day and stays current automatically.

Store a physical backup for the things that matter most. Write down the master password for your password manager, the backup codes for your most important accounts, and your account list. Put this in a sealed envelope inside a home safe, or with your will and other estate documents. Your executor should know where it is, even if they don’t need to open it until the time comes.

Some people use a safety deposit box at their bank, though families sometimes need a court order to access these initially. Others leave a sealed envelope with their attorney alongside their will. Digital will platforms like Everplans offer cloud-based storage that can be shared directly with an executor.

Whatever you choose, make sure at least one person knows the system exists and where to find it.

Who should have access and how much

Sharing everything with multiple people creates its own problems. It fragments responsibility and increases security risk.

The cleanest approach is one trusted person, usually your executor, who holds the master key. That person is responsible for accessing your accounts, following your instructions, and deciding what others need to know as part of managing the estate.

If you want family members to be able to retrieve specific things, like family photos from a cloud account, write that as a specific instruction rather than sharing broad account access. Your executor can act on that instruction without handing over your entire digital life to multiple people.

Your executor doesn’t need to know all your passwords today. They need to know that the information exists, where it’s stored, and how to access that storage if something happens to you. That’s enough.

Common mistakes that create problems for families

A few patterns come up repeatedly when families are left without clear digital access.

Outdated passwords are the most common. A written list that was accurate two years ago is a frustration, not a help. If you’re using written storage, review it at least once a year. A password manager eliminates this problem almost entirely.

Forgotten subscriptions. Recurring charges on streaming services, software tools, membership sites, and subscription boxes can add up to hundreds of dollars a year. Without a clear account list, families often don’t find these until they’re reviewing months of bank statements.

Cryptocurrency and digital assets. Blockchain analytics firms have estimated that billions of dollars in cryptocurrency has been lost because owners died without leaving recovery keys or wallet access information. If you hold any crypto, the wallet’s seed phrase or recovery key is the only way to retrieve it. This information must be stored securely and separately from everything else.

Cloud storage. Google Drive, iCloud, OneDrive, Dropbox. These often contain financial documents, tax records, personal photos, and important correspondence. They’re frequently overlooked in access planning.

Hiding things too well. Some people put critical information in an encrypted drive without storing the encryption key anywhere. Or lock important documents in a safe and tell no one the combination. The information exists but is effectively gone.

How this connects to broader digital estate planning

Passwords are one part of a larger picture. The full picture includes what you want to happen to your online accounts, what digital assets you own and what they’re worth, and who has the legal authority to act.

In the US, the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA), now adopted by most states, allows executors to manage digital assets if the account holder’s will explicitly grants that authority, or if the platform permits it. Without that language in your will, your executor may not have clear legal standing even with the passwords.

In the UK, executors have broad authority over estate assets, but access to personal digital accounts sits in a legal grey area unless it’s explicitly addressed in the will. The Law Society recommends adding a digital asset schedule or codicil to your will that names specific accounts and states what you want to happen to them.

Both approaches point to the same conclusion: password access and legal authority need to work together. Passwords without authority can create complications. Authority without passwords creates practical barriers.

The role of a digital executor

A digital executor is the person responsible for managing your online accounts and digital assets after you die. In the US, this role can be formally named in your will under RUFADAA. In the UK, it’s typically the executor, with specific digital asset instructions added to the will.

This person needs two things: clear authority (documented in your will) and clear access (the password manager, the account list, the physical backup). Without both, they’re working with one hand tied.

When choosing this person, think about who is organized, comfortable using technology, and likely to follow your written instructions carefully. It doesn’t have to be the same person as your financial executor, though it often is.

The written instructions you leave matter as much as the access. Tell your digital executor what you want done with each account. Not just “handle my accounts” but specific direction: cancel the subscriptions, retrieve the photos from iCloud and share them with the family, memorialize the Facebook page, close the email after 90 days.

What to do right now

  • Choose a password manager and set up emergency access for your executor or a trusted person today
  • Create a simple account list covering every account that matters, including what to do with each one
  • Find and save the 2FA backup codes for your most important accounts, especially your primary email
  • Write down your password manager’s master password and store it with your will or in a home safe
  • Tell your executor that this information exists and where they can find it
  • Add a digital assets section to your will, or ask your attorney about adding a digital asset codicil

None of this has to be perfect on the first pass. A rough account list and one trusted person who knows where to find it is significantly better than nothing. The goal is to make things findable and manageable, not to build a perfect system.

FAQs

What happens to my passwords and accounts when I die?
Without access instructions, loved ones typically cannot get into your email, banking, or social media accounts. Most platforms have memorial or legacy policies, but executors usually need either your stored passwords or a death certificate to request access. Each provider has different rules, so there is no single process. Planning ahead removes this barrier entirely.
Is it safe to write down passwords, or should I use a password manager?
A password manager such as Bitwarden, 1Password, or Dashlane is more secure than paper because it is encrypted and accessible remotely using a single master password. If you prefer writing passwords down, store them in a locked safe rather than a loose drawer. Never send passwords by unencrypted email. The National Cyber Security Centre recommends password managers as the safer long-term option.
Who should I give my passwords to before I die?
Name your executor or a trusted family member in your will, and share only the master password or access method with them rather than every individual password. Keep this information separate from the will itself. Make sure they know where to find your password manager or written password list when the time comes. Guidance from The Law Society supports this approach.
Can my family access my email after I die without passwords?
Yes, but the process is slower. Providers such as Gmail, Outlook, and Yahoo allow executors to request account access using a death certificate and proof of authority. This can take weeks and may be refused depending on the platform's privacy policy. Google's Inactive Account Manager and Microsoft's next-of-kin process are the most straightforward routes, but storing passwords in advance is much faster.
Should I include password information in my will?
No. Wills become public documents during probate, so listing passwords there exposes them to anyone who requests a copy. Store passwords separately in a secure location, such as a locked safe or an encrypted password manager, and reference that location in your will with brief access instructions. Keep the actual credentials private. The Law Society recommends this separation clearly.
← Back to Digital Legacy